OpenCoverage

packet.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/packet.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */-
2/*-
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>-
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland-
5 * All rights reserved-
6 * This file contains code implementing the packet protocol and communication-
7 * with the other side. This same code is used both on client and server side.-
8 *-
9 * As far as I am concerned, the code I have written for this software-
10 * can be used freely for any purpose. Any derived versions of this-
11 * software must be clearly marked as such, and if the derived work is-
12 * incompatible with the protocol description in the RFC file, it must be-
13 * called by a name other than "ssh" or "Secure Shell".-
14 *-
15 *-
16 * SSH2 packet format added by Markus Friedl.-
17 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.-
18 *-
19 * Redistribution and use in source and binary forms, with or without-
20 * modification, are permitted provided that the following conditions-
21 * are met:-
22 * 1. Redistributions of source code must retain the above copyright-
23 * notice, this list of conditions and the following disclaimer.-
24 * 2. Redistributions in binary form must reproduce the above copyright-
25 * notice, this list of conditions and the following disclaimer in the-
26 * documentation and/or other materials provided with the distribution.-
27 *-
28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
29 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
30 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
31 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
32 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
33 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
37 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
38 */-
39-
40#include "includes.h"-
41-
42#include <sys/types.h>-
43#include "openbsd-compat/sys-queue.h"-
44#include <sys/socket.h>-
45#ifdef HAVE_SYS_TIME_H-
46# include <sys/time.h>-
47#endif-
48-
49#include <netinet/in.h>-
50#include <netinet/ip.h>-
51#include <arpa/inet.h>-
52-
53#include <errno.h>-
54#include <netdb.h>-
55#include <stdarg.h>-
56#include <stdio.h>-
57#include <stdlib.h>-
58#include <string.h>-
59#include <unistd.h>-
60#include <limits.h>-
61#include <signal.h>-
62#include <time.h>-
63-
64/*-
65 * Explicitly include OpenSSL before zlib as some versions of OpenSSL have-
66 * "free_func" in their headers, which zlib typedefs.-
67 */-
68#ifdef WITH_OPENSSL-
69# include <openssl/bn.h>-
70# include <openssl/evp.h>-
71# ifdef OPENSSL_HAS_ECC-
72# include <openssl/ec.h>-
73# endif-
74#endif-
75-
76#include <zlib.h>-
77-
78#include "xmalloc.h"-
79#include "crc32.h"-
80#include "compat.h"-
81#include "ssh2.h"-
82#include "cipher.h"-
83#include "sshkey.h"-
84#include "kex.h"-
85#include "digest.h"-
86#include "mac.h"-
87#include "log.h"-
88#include "canohost.h"-
89#include "misc.h"-
90#include "channels.h"-
91#include "ssh.h"-
92#include "packet.h"-
93#include "ssherr.h"-
94#include "sshbuf.h"-
95-
96#ifdef PACKET_DEBUG-
97#define DBG(x) x-
98#else-
99#define DBG(x)-
100#endif-
101-
102#define PACKET_MAX_SIZE (256 * 1024)-
103-
104struct packet_state {-
105 u_int32_t seqnr;-
106 u_int32_t packets;-
107 u_int64_t blocks;-
108 u_int64_t bytes;-
109};-
110-
111struct packet {-
112 TAILQ_ENTRY(packet) next;-
113 u_char type;-
114 struct sshbuf *payload;-
115};-
116-
117struct session_state {-
118 /*-
119 * This variable contains the file descriptors used for-
120 * communicating with the other side. connection_in is used for-
121 * reading; connection_out for writing. These can be the same-
122 * descriptor, in which case it is assumed to be a socket.-
123 */-
124 int connection_in;-
125 int connection_out;-
126-
127 /* Protocol flags for the remote side. */-
128 u_int remote_protocol_flags;-
129-
130 /* Encryption context for receiving data. Only used for decryption. */-
131 struct sshcipher_ctx *receive_context;-
132-
133 /* Encryption context for sending data. Only used for encryption. */-
134 struct sshcipher_ctx *send_context;-
135-
136 /* Buffer for raw input data from the socket. */-
137 struct sshbuf *input;-
138-
139 /* Buffer for raw output data going to the socket. */-
140 struct sshbuf *output;-
141-
142 /* Buffer for the partial outgoing packet being constructed. */-
143 struct sshbuf *outgoing_packet;-
144-
145 /* Buffer for the incoming packet currently being processed. */-
146 struct sshbuf *incoming_packet;-
147-
148 /* Scratch buffer for packet compression/decompression. */-
149 struct sshbuf *compression_buffer;-
150-
151 /* Incoming/outgoing compression dictionaries */-
152 z_stream compression_in_stream;-
153 z_stream compression_out_stream;-
154 int compression_in_started;-
155 int compression_out_started;-
156 int compression_in_failures;-
157 int compression_out_failures;-
158-
159 /* default maximum packet size */-
160 u_int max_packet_size;-
161-
162 /* Flag indicating whether this module has been initialized. */-
163 int initialized;-
164-
165 /* Set to true if the connection is interactive. */-
166 int interactive_mode;-
167-
168 /* Set to true if we are the server side. */-
169 int server_side;-
170-
171 /* Set to true if we are authenticated. */-
172 int after_authentication;-
173-
174 int keep_alive_timeouts;-
175-
176 /* The maximum time that we will wait to send or receive a packet */-
177 int packet_timeout_ms;-
178-
179 /* Session key information for Encryption and MAC */-
180 struct newkeys *newkeys[MODE_MAX];-
181 struct packet_state p_read, p_send;-
182-
183 /* Volume-based rekeying */-
184 u_int64_t max_blocks_in, max_blocks_out, rekey_limit;-
185-
186 /* Time-based rekeying */-
187 u_int32_t rekey_interval; /* how often in seconds */-
188 time_t rekey_time; /* time of last rekeying */-
189-
190 /* roundup current message to extra_pad bytes */-
191 u_char extra_pad;-
192-
193 /* XXX discard incoming data after MAC error */-
194 u_int packet_discard;-
195 size_t packet_discard_mac_already;-
196 struct sshmac *packet_discard_mac;-
197-
198 /* Used in packet_read_poll2() */-
199 u_int packlen;-
200-
201 /* Used in packet_send2 */-
202 int rekeying;-
203-
204 /* Used in ssh_packet_send_mux() */-
205 int mux;-
206-
207 /* Used in packet_set_interactive */-
208 int set_interactive_called;-
209-
210 /* Used in packet_set_maxsize */-
211 int set_maxsize_called;-
212-
213 /* One-off warning about weak ciphers */-
214 int cipher_warning_done;-
215-
216 /* Hook for fuzzing inbound packets */-
217 ssh_packet_hook_fn *hook_in;-
218 void *hook_in_ctx;-
219-
220 TAILQ_HEAD(, packet) outgoing;-
221};-
222-
223struct ssh *-
224ssh_alloc_session_state(void)-
225{-
226 struct ssh *ssh = NULL;-
227 struct session_state *state = NULL;-
228-
229 if ((ssh = calloc(1, sizeof(*ssh))) == NULL ||
(ssh = calloc(...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
230 (state = calloc(1, sizeof(*state))) == NULL ||
(state = callo...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
231 (state->input = sshbuf_new()) == NULL ||
(state->input ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
232 (state->output = sshbuf_new()) == NULL ||
(state->output...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
233 (state->outgoing_packet = sshbuf_new()) == NULL ||
(state->outgoi...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
234 (state->incoming_packet = sshbuf_new()) == NULL)
(state->incomi...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
235 goto fail;
never executed: goto fail;
0
236 TAILQ_INIT(&state->outgoing);-
237 TAILQ_INIT(&ssh->private_keys);-
238 TAILQ_INIT(&ssh->public_keys);-
239 state->connection_in = -1;-
240 state->connection_out = -1;-
241 state->max_packet_size = 32768;-
242 state->packet_timeout_ms = -1;-
243 state->p_send.packets = state->p_read.packets = 0;-
244 state->initialized = 1;-
245 /*-
246 * ssh_packet_send2() needs to queue packets until-
247 * we've done the initial key exchange.-
248 */-
249 state->rekeying = 1;-
250 ssh->state = state;-
251 return ssh;
executed 96 times by 1 test: return ssh;
Executed by:
  • test_kex
96
252 fail:-
253 if (state) {
stateDescription
TRUEnever evaluated
FALSEnever evaluated
0
254 sshbuf_free(state->input);-
255 sshbuf_free(state->output);-
256 sshbuf_free(state->incoming_packet);-
257 sshbuf_free(state->outgoing_packet);-
258 free(state);-
259 }
never executed: end of block
0
260 free(ssh);-
261 return NULL;
never executed: return ((void *)0) ;
0
262}-
263-
264void-
265ssh_packet_set_input_hook(struct ssh *ssh, ssh_packet_hook_fn *hook, void *ctx)-
266{-
267 ssh->state->hook_in = hook;-
268 ssh->state->hook_in_ctx = ctx;-
269}
never executed: end of block
0
270-
271/* Returns nonzero if rekeying is in progress */-
272int-
273ssh_packet_is_rekeying(struct ssh *ssh)-
274{-
275 return ssh->state->rekeying ||
executed 208 times by 1 test: return ssh->state->rekeying || (ssh->kex != ((void *)0) && ssh->kex->done == 0);
Executed by:
  • test_kex
ssh->state->rekeyingDescription
TRUEevaluated 112 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
96-208
276 (ssh->kex != NULL && ssh->kex->done == 0);
executed 208 times by 1 test: return ssh->state->rekeying || (ssh->kex != ((void *)0) && ssh->kex->done == 0);
Executed by:
  • test_kex
ssh->kex != ((void *)0)Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
ssh->kex->done == 0Description
TRUEevaluated 64 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-208
277}-
278-
279/*-
280 * Sets the descriptors used for communication.-
281 */-
282struct ssh *-
283ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)-
284{-
285 struct session_state *state;-
286 const struct sshcipher *none = cipher_by_name("none");-
287 int r;-
288-
289 if (none == NULL) {
none == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
290 error("%s: cannot load cipher 'none'", __func__);-
291 return NULL;
never executed: return ((void *)0) ;
0
292 }-
293 if (ssh == NULL)
ssh == ((void *)0)Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-96
294 ssh = ssh_alloc_session_state();
executed 96 times by 1 test: ssh = ssh_alloc_session_state();
Executed by:
  • test_kex
96
295 if (ssh == NULL) {
ssh == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
296 error("%s: cound not allocate state", __func__);-
297 return NULL;
never executed: return ((void *)0) ;
0
298 }-
299 state = ssh->state;-
300 state->connection_in = fd_in;-
301 state->connection_out = fd_out;-
302 if ((r = cipher_init(&state->send_context, none,
(r = cipher_in... , 0, 1)) != 0Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
303 (const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 ||
(r = cipher_in... , 0, 1)) != 0Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
304 (r = cipher_init(&state->receive_context, none,
(r = cipher_in... , 0, 0)) != 0Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
305 (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) {
(r = cipher_in... , 0, 0)) != 0Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
306 error("%s: cipher_init failed: %s", __func__, ssh_err(r));-
307 free(ssh); /* XXX need ssh_free_session_state? */-
308 return NULL;
never executed: return ((void *)0) ;
0
309 }-
310 state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;-
311 /*-
312 * Cache the IP address of the remote connection for use in error-
313 * messages that might be generated after the connection has closed.-
314 */-
315 (void)ssh_remote_ipaddr(ssh);-
316 return ssh;
executed 96 times by 1 test: return ssh;
Executed by:
  • test_kex
96
317}-
318-
319void-
320ssh_packet_set_timeout(struct ssh *ssh, int timeout, int count)-
321{-
322 struct session_state *state = ssh->state;-
323-
324 if (timeout <= 0 || count <= 0) {
timeout <= 0Description
TRUEnever evaluated
FALSEnever evaluated
count <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
325 state->packet_timeout_ms = -1;-
326 return;
never executed: return;
0
327 }-
328 if ((INT_MAX / 1000) / count < timeout)
(0x7fffffff / ...ount < timeoutDescription
TRUEnever evaluated
FALSEnever evaluated
0
329 state->packet_timeout_ms = INT_MAX;
never executed: state->packet_timeout_ms = 0x7fffffff;
0
330 else-
331 state->packet_timeout_ms = timeout * count * 1000;
never executed: state->packet_timeout_ms = timeout * count * 1000;
0
332}-
333-
334void-
335ssh_packet_set_mux(struct ssh *ssh)-
336{-
337 ssh->state->mux = 1;-
338 ssh->state->rekeying = 0;-
339}
never executed: end of block
0
340-
341int-
342ssh_packet_get_mux(struct ssh *ssh)-
343{-
344 return ssh->state->mux;
never executed: return ssh->state->mux;
0
345}-
346-
347int-
348ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...)-
349{-
350 va_list args;-
351 int r;-
352-
353 free(ssh->log_preamble);-
354 if (fmt == NULL)
fmt == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
355 ssh->log_preamble = NULL;
never executed: ssh->log_preamble = ((void *)0) ;
0
356 else {-
357 va_start(args, fmt);-
358 r = vasprintf(&ssh->log_preamble, fmt, args);-
359 va_end(args);-
360 if (r < 0 || ssh->log_preamble == NULL)
r < 0Description
TRUEnever evaluated
FALSEnever evaluated
ssh->log_pream...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
361 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
362 }
never executed: end of block
0
363 return 0;
never executed: return 0;
0
364}-
365-
366int-
367ssh_packet_stop_discard(struct ssh *ssh)-
368{-
369 struct session_state *state = ssh->state;-
370 int r;-
371-
372 if (state->packet_discard_mac) {
state->packet_discard_macDescription
TRUEnever evaluated
FALSEnever evaluated
0
373 char buf[1024];-
374 size_t dlen = PACKET_MAX_SIZE;-
375-
376 if (dlen > state->packet_discard_mac_already)
dlen > state->...rd_mac_alreadyDescription
TRUEnever evaluated
FALSEnever evaluated
0
377 dlen -= state->packet_discard_mac_already;
never executed: dlen -= state->packet_discard_mac_already;
0
378 memset(buf, 'a', sizeof(buf));-
379 while (sshbuf_len(state->incoming_packet) < dlen)
sshbuf_len(sta...packet) < dlenDescription
TRUEnever evaluated
FALSEnever evaluated
0
380 if ((r = sshbuf_put(state->incoming_packet, buf,
(r = sshbuf_pu...of(buf))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
381 sizeof(buf))) != 0)
(r = sshbuf_pu...of(buf))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
382 return r;
never executed: return r;
0
383 (void) mac_compute(state->packet_discard_mac,-
384 state->p_read.seqnr,-
385 sshbuf_ptr(state->incoming_packet), dlen,-
386 NULL, 0);-
387 }
never executed: end of block
0
388 logit("Finished discarding for %.200s port %d",-
389 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));-
390 return SSH_ERR_MAC_INVALID;
never executed: return -30;
0
391}-
392-
393static int-
394ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc,-
395 struct sshmac *mac, size_t mac_already, u_int discard)-
396{-
397 struct session_state *state = ssh->state;-
398 int r;-
399-
400 if (enc == NULL || !cipher_is_cbc(enc->cipher) || (mac && mac->etm)) {
enc == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
!cipher_is_cbc(enc->cipher)Description
TRUEnever evaluated
FALSEnever evaluated
macDescription
TRUEnever evaluated
FALSEnever evaluated
mac->etmDescription
TRUEnever evaluated
FALSEnever evaluated
0
401 if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
(r = sshpkt_di...orrupt")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
402 return r;
never executed: return r;
0
403 return SSH_ERR_MAC_INVALID;
never executed: return -30;
0
404 }-
405 /*-
406 * Record number of bytes over which the mac has already-
407 * been computed in order to minimize timing attacks.-
408 */-
409 if (mac && mac->enabled) {
macDescription
TRUEnever evaluated
FALSEnever evaluated
mac->enabledDescription
TRUEnever evaluated
FALSEnever evaluated
0
410 state->packet_discard_mac = mac;-
411 state->packet_discard_mac_already = mac_already;-
412 }
never executed: end of block
0
413 if (sshbuf_len(state->input) >= discard)
sshbuf_len(sta...ut) >= discardDescription
TRUEnever evaluated
FALSEnever evaluated
0
414 return ssh_packet_stop_discard(ssh);
never executed: return ssh_packet_stop_discard(ssh);
0
415 state->packet_discard = discard - sshbuf_len(state->input);-
416 return 0;
never executed: return 0;
0
417}-
418-
419/* Returns 1 if remote host is connected via socket, 0 if not. */-
420-
421int-
422ssh_packet_connection_is_on_socket(struct ssh *ssh)-
423{-
424 struct session_state *state;-
425 struct sockaddr_storage from, to;-
426 socklen_t fromlen, tolen;-
427-
428 if (ssh == NULL || ssh->state == NULL)
ssh == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
ssh->state == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
429 return 0;
never executed: return 0;
0
430-
431 state = ssh->state;-
432 if (state->connection_in == -1 || state->connection_out == -1)
state->connection_in == -1Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
state->connection_out == -1Description
TRUEnever evaluated
FALSEnever evaluated
0-96
433 return 0;
executed 96 times by 1 test: return 0;
Executed by:
  • test_kex
96
434 /* filedescriptors in and out are the same, so it's a socket */-
435 if (state->connection_in == state->connection_out)
state->connect...connection_outDescription
TRUEnever evaluated
FALSEnever evaluated
0
436 return 1;
never executed: return 1;
0
437 fromlen = sizeof(from);-
438 memset(&from, 0, sizeof(from));-
439 if (getpeername(state->connection_in, (struct sockaddr *)&from,
getpeername(st... &fromlen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
440 &fromlen) < 0)
getpeername(st... &fromlen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
441 return 0;
never executed: return 0;
0
442 tolen = sizeof(to);-
443 memset(&to, 0, sizeof(to));-
444 if (getpeername(state->connection_out, (struct sockaddr *)&to,
getpeername(st...o, &tolen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
445 &tolen) < 0)
getpeername(st...o, &tolen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
446 return 0;
never executed: return 0;
0
447 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
fromlen != tolenDescription
TRUEnever evaluated
FALSEnever evaluated
memcmp(&from, ... fromlen) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
448 return 0;
never executed: return 0;
0
449 if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
from.ss_family != 2Description
TRUEnever evaluated
FALSEnever evaluated
from.ss_family != 10Description
TRUEnever evaluated
FALSEnever evaluated
0
450 return 0;
never executed: return 0;
0
451 return 1;
never executed: return 1;
0
452}-
453-
454void-
455ssh_packet_get_bytes(struct ssh *ssh, u_int64_t *ibytes, u_int64_t *obytes)-
456{-
457 if (ibytes)
ibytesDescription
TRUEnever evaluated
FALSEnever evaluated
0
458 *ibytes = ssh->state->p_read.bytes;
never executed: *ibytes = ssh->state->p_read.bytes;
0
459 if (obytes)
obytesDescription
TRUEnever evaluated
FALSEnever evaluated
0
460 *obytes = ssh->state->p_send.bytes;
never executed: *obytes = ssh->state->p_send.bytes;
0
461}
never executed: end of block
0
462-
463int-
464ssh_packet_connection_af(struct ssh *ssh)-
465{-
466 struct sockaddr_storage to;-
467 socklen_t tolen = sizeof(to);-
468-
469 memset(&to, 0, sizeof(to));-
470 if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to,
getsockname(ss...o, &tolen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
471 &tolen) < 0)
getsockname(ss...o, &tolen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
472 return 0;
never executed: return 0;
0
473#ifdef IPV4_IN_IPV6-
474 if (to.ss_family == AF_INET6 &&
to.ss_family == 10Description
TRUEnever evaluated
FALSEnever evaluated
0
475 IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
(__extension__... (0xffff); }))Description
TRUEnever evaluated
FALSEnever evaluated
0
476 return AF_INET;
never executed: return 2 ;
0
477#endif-
478 return to.ss_family;
never executed: return to.ss_family;
0
479}-
480-
481/* Sets the connection into non-blocking mode. */-
482-
483void-
484ssh_packet_set_nonblocking(struct ssh *ssh)-
485{-
486 /* Set the socket into non-blocking mode. */-
487 set_nonblock(ssh->state->connection_in);-
488-
489 if (ssh->state->connection_out != ssh->state->connection_in)
ssh->state->co...>connection_inDescription
TRUEnever evaluated
FALSEnever evaluated
0
490 set_nonblock(ssh->state->connection_out);
never executed: set_nonblock(ssh->state->connection_out);
0
491}
never executed: end of block
0
492-
493/* Returns the socket used for reading. */-
494-
495int-
496ssh_packet_get_connection_in(struct ssh *ssh)-
497{-
498 return ssh->state->connection_in;
never executed: return ssh->state->connection_in;
0
499}-
500-
501/* Returns the descriptor used for writing. */-
502-
503int-
504ssh_packet_get_connection_out(struct ssh *ssh)-
505{-
506 return ssh->state->connection_out;
never executed: return ssh->state->connection_out;
0
507}-
508-
509/*-
510 * Returns the IP-address of the remote host as a string. The returned-
511 * string must not be freed.-
512 */-
513-
514const char *-
515ssh_remote_ipaddr(struct ssh *ssh)-
516{-
517 int sock;-
518-
519 /* Check whether we have cached the ipaddr. */-
520 if (ssh->remote_ipaddr == NULL) {
ssh->remote_ip...== ((void *)0)Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-96
521 if (ssh_packet_connection_is_on_socket(ssh)) {
ssh_packet_con...on_socket(ssh)Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
522 sock = ssh->state->connection_in;-
523 ssh->remote_ipaddr = get_peer_ipaddr(sock);-
524 ssh->remote_port = get_peer_port(sock);-
525 ssh->local_ipaddr = get_local_ipaddr(sock);-
526 ssh->local_port = get_local_port(sock);-
527 } else {
never executed: end of block
0
528 ssh->remote_ipaddr = strdup("UNKNOWN");
executed 96 times by 1 test: __retval = (char *) memcpy (__retval, "UNKNOWN" , __len);
Executed by:
  • test_kex
__retval != ((void *)0)Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
((const char *... ))[0] == '\0'Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
__builtin_cons... ( "UNKNOWN" )Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
((size_t)(cons...KNOWN" ) == 1)Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-96
529 ssh->remote_port = 65535;-
530 ssh->local_ipaddr = strdup("UNKNOWN");
executed 96 times by 1 test: __retval = (char *) memcpy (__retval, "UNKNOWN" , __len);
Executed by:
  • test_kex
__retval != ((void *)0)Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
((const char *... ))[0] == '\0'Description
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
__builtin_cons... ( "UNKNOWN" )Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
((size_t)(cons...KNOWN" ) == 1)Description
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-96
531 ssh->local_port = 65535;-
532 }
executed 96 times by 1 test: end of block
Executed by:
  • test_kex
96
533 }-
534 return ssh->remote_ipaddr;
executed 96 times by 1 test: return ssh->remote_ipaddr;
Executed by:
  • test_kex
96
535}-
536-
537/* Returns the port number of the remote host. */-
538-
539int-
540ssh_remote_port(struct ssh *ssh)-
541{-
542 (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */-
543 return ssh->remote_port;
never executed: return ssh->remote_port;
0
544}-
545-
546/*-
547 * Returns the IP-address of the local host as a string. The returned-
548 * string must not be freed.-
549 */-
550-
551const char *-
552ssh_local_ipaddr(struct ssh *ssh)-
553{-
554 (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */-
555 return ssh->local_ipaddr;
never executed: return ssh->local_ipaddr;
0
556}-
557-
558/* Returns the port number of the local host. */-
559-
560int-
561ssh_local_port(struct ssh *ssh)-
562{-
563 (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */-
564 return ssh->local_port;
never executed: return ssh->local_port;
0
565}-
566-
567/* Returns the routing domain of the input socket, or NULL if unavailable */-
568const char *-
569ssh_packet_rdomain_in(struct ssh *ssh)-
570{-
571 if (ssh->rdomain_in != NULL)
ssh->rdomain_in != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
572 return ssh->rdomain_in;
never executed: return ssh->rdomain_in;
0
573 if (!ssh_packet_connection_is_on_socket(ssh))
!ssh_packet_co...on_socket(ssh)Description
TRUEnever evaluated
FALSEnever evaluated
0
574 return NULL;
never executed: return ((void *)0) ;
0
575 ssh->rdomain_in = get_rdomain(ssh->state->connection_in);-
576 return ssh->rdomain_in;
never executed: return ssh->rdomain_in;
0
577}-
578-
579/* Closes the connection and clears and frees internal data structures. */-
580-
581static void-
582ssh_packet_close_internal(struct ssh *ssh, int do_close)-
583{-
584 struct session_state *state = ssh->state;-
585 u_int mode;-
586-
587 if (!state->initialized)
!state->initializedDescription
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
588 return;
never executed: return;
0
589 state->initialized = 0;-
590 if (do_close) {
do_closeDescription
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-96
591 if (state->connection_in == state->connection_out) {
state->connect...connection_outDescription
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-96
592 close(state->connection_out);-
593 } else {
executed 96 times by 1 test: end of block
Executed by:
  • test_kex
96
594 close(state->connection_in);-
595 close(state->connection_out);-
596 }
never executed: end of block
0
597 }-
598 sshbuf_free(state->input);-
599 sshbuf_free(state->output);-
600 sshbuf_free(state->outgoing_packet);-
601 sshbuf_free(state->incoming_packet);-
602 for (mode = 0; mode < MODE_MAX; mode++) {
mode < MODE_MAXDescription
TRUEevaluated 192 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
96-192
603 kex_free_newkeys(state->newkeys[mode]); /* current keys */-
604 state->newkeys[mode] = NULL;-
605 ssh_clear_newkeys(ssh, mode); /* next keys */-
606 }
executed 192 times by 1 test: end of block
Executed by:
  • test_kex
192
607 /* compression state is in shared mem, so we can only release it once */-
608 if (do_close && state->compression_buffer) {
do_closeDescription
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
state->compression_bufferDescription
TRUEnever evaluated
FALSEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
0-96
609 sshbuf_free(state->compression_buffer);-
610 if (state->compression_out_started) {
state->compression_out_startedDescription
TRUEnever evaluated
FALSEnever evaluated
0
611 z_streamp stream = &state->compression_out_stream;-
612 debug("compress outgoing: "-
613 "raw data %llu, compressed %llu, factor %.2f",-
614 (unsigned long long)stream->total_in,-
615 (unsigned long long)stream->total_out,-
616 stream->total_in == 0 ? 0.0 :-
617 (double) stream->total_out / stream->total_in);-
618 if (state->compression_out_failures == 0)
state->compres..._failures == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
619 deflateEnd(stream);
never executed: deflateEnd(stream);
0
620 }
never executed: end of block
0
621 if (state->compression_in_started) {
state->compression_in_startedDescription
TRUEnever evaluated
FALSEnever evaluated
0
622 z_streamp stream = &state->compression_in_stream;-
623 debug("compress incoming: "-
624 "raw data %llu, compressed %llu, factor %.2f",-
625 (unsigned long long)stream->total_out,-
626 (unsigned long long)stream->total_in,-
627 stream->total_out == 0 ? 0.0 :-
628 (double) stream->total_in / stream->total_out);-
629 if (state->compression_in_failures == 0)
state->compres..._failures == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
630 inflateEnd(stream);
never executed: inflateEnd(stream);
0
631 }
never executed: end of block
0
632 }
never executed: end of block
0
633 cipher_free(state->send_context);-
634 cipher_free(state->receive_context);-
635 state->send_context = state->receive_context = NULL;-
636 if (do_close) {
do_closeDescription
TRUEevaluated 96 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-96
637 free(ssh->local_ipaddr);-
638 ssh->local_ipaddr = NULL;-
639 free(ssh->remote_ipaddr);-
640 ssh->remote_ipaddr = NULL;-
641 free(ssh->state);-
642 ssh->state = NULL;-
643 }
executed 96 times by 1 test: end of block
Executed by:
  • test_kex
96
644}
executed 96 times by 1 test: end of block
Executed by:
  • test_kex
96
645-
646void-
647ssh_packet_close(struct ssh *ssh)-
648{-
649 ssh_packet_close_internal(ssh, 1);-
650}
executed 96 times by 1 test: end of block
Executed by:
  • test_kex
96
651-
652void-
653ssh_packet_clear_keys(struct ssh *ssh)-
654{-
655 ssh_packet_close_internal(ssh, 0);-
656}
never executed: end of block
0
657-
658/* Sets remote side protocol flags. */-
659-
660void-
661ssh_packet_set_protocol_flags(struct ssh *ssh, u_int protocol_flags)-
662{-
663 ssh->state->remote_protocol_flags = protocol_flags;-
664}
never executed: end of block
0
665-
666/* Returns the remote protocol flags set earlier by the above function. */-
667-
668u_int-
669ssh_packet_get_protocol_flags(struct ssh *ssh)-
670{-
671 return ssh->state->remote_protocol_flags;
never executed: return ssh->state->remote_protocol_flags;
0
672}-
673-
674/*-
675 * Starts packet compression from the next packet on in both directions.-
676 * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.-
677 */-
678-
679static int-
680ssh_packet_init_compression(struct ssh *ssh)-
681{-
682 if (!ssh->state->compression_buffer &&
!ssh->state->c...ression_bufferDescription
TRUEnever evaluated
FALSEnever evaluated
0
683 ((ssh->state->compression_buffer = sshbuf_new()) == NULL))
((ssh->state->... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
684 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
685 return 0;
never executed: return 0;
0
686}-
687-
688static int-
689start_compression_out(struct ssh *ssh, int level)-
690{-
691 if (level < 1 || level > 9)
level < 1Description
TRUEnever evaluated
FALSEnever evaluated
level > 9Description
TRUEnever evaluated
FALSEnever evaluated
0
692 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
693 debug("Enabling compression at level %d.", level);-
694 if (ssh->state->compression_out_started == 1)
ssh->state->co...t_started == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
695 deflateEnd(&ssh->state->compression_out_stream);
never executed: deflateEnd(&ssh->state->compression_out_stream);
0
696 switch (deflateInit(&ssh->state->compression_out_stream, level)) {-
697 case Z_OK:
never executed: case 0 :
0
698 ssh->state->compression_out_started = 1;-
699 break;
never executed: break;
0
700 case Z_MEM_ERROR:
never executed: case (-4) :
0
701 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
702 default:
never executed: default:
0
703 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
704 }-
705 return 0;
never executed: return 0;
0
706}-
707-
708static int-
709start_compression_in(struct ssh *ssh)-
710{-
711 if (ssh->state->compression_in_started == 1)
ssh->state->co...n_started == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
712 inflateEnd(&ssh->state->compression_in_stream);
never executed: inflateEnd(&ssh->state->compression_in_stream);
0
713 switch (inflateInit(&ssh->state->compression_in_stream)) {-
714 case Z_OK:
never executed: case 0 :
0
715 ssh->state->compression_in_started = 1;-
716 break;
never executed: break;
0
717 case Z_MEM_ERROR:
never executed: case (-4) :
0
718 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
719 default:
never executed: default:
0
720 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
721 }-
722 return 0;
never executed: return 0;
0
723}-
724-
725/* XXX remove need for separate compression buffer */-
726static int-
727compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)-
728{-
729 u_char buf[4096];-
730 int r, status;-
731-
732 if (ssh->state->compression_out_started != 1)
ssh->state->co...t_started != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
733 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
734-
735 /* This case is not handled below. */-
736 if (sshbuf_len(in) == 0)
sshbuf_len(in) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
737 return 0;
never executed: return 0;
0
738-
739 /* Input is the contents of the input buffer. */-
740 if ((ssh->state->compression_out_stream.next_in =
(ssh->state->c...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
741 sshbuf_mutable_ptr(in)) == NULL)
(ssh->state->c...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
742 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
743 ssh->state->compression_out_stream.avail_in = sshbuf_len(in);-
744-
745 /* Loop compressing until deflate() returns with avail_out != 0. */-
746 do {-
747 /* Set up fixed-size output buffer. */-
748 ssh->state->compression_out_stream.next_out = buf;-
749 ssh->state->compression_out_stream.avail_out = sizeof(buf);-
750-
751 /* Compress as much data into the buffer as possible. */-
752 status = deflate(&ssh->state->compression_out_stream,-
753 Z_PARTIAL_FLUSH);-
754 switch (status) {-
755 case Z_MEM_ERROR:
never executed: case (-4) :
0
756 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
757 case Z_OK:
never executed: case 0 :
0
758 /* Append compressed data to output_buffer. */-
759 if ((r = sshbuf_put(out, buf, sizeof(buf) -
(r = sshbuf_pu...ail_out)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
760 ssh->state->compression_out_stream.avail_out)) != 0)
(r = sshbuf_pu...ail_out)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
761 return r;
never executed: return r;
0
762 break;
never executed: break;
0
763 case Z_STREAM_ERROR:
never executed: case (-2) :
0
764 default:
never executed: default:
0
765 ssh->state->compression_out_failures++;-
766 return SSH_ERR_INVALID_FORMAT;
never executed: return -4;
0
767 }-
768 } while (ssh->state->compression_out_stream.avail_out == 0);
ssh->state->co...avail_out == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
769 return 0;
never executed: return 0;
0
770}-
771-
772static int-
773uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out)-
774{-
775 u_char buf[4096];-
776 int r, status;-
777-
778 if (ssh->state->compression_in_started != 1)
ssh->state->co...n_started != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
779 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
780-
781 if ((ssh->state->compression_in_stream.next_in =
(ssh->state->c...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
782 sshbuf_mutable_ptr(in)) == NULL)
(ssh->state->c...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
783 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
784 ssh->state->compression_in_stream.avail_in = sshbuf_len(in);-
785-
786 for (;;) {-
787 /* Set up fixed-size output buffer. */-
788 ssh->state->compression_in_stream.next_out = buf;-
789 ssh->state->compression_in_stream.avail_out = sizeof(buf);-
790-
791 status = inflate(&ssh->state->compression_in_stream,-
792 Z_PARTIAL_FLUSH);-
793 switch (status) {-
794 case Z_OK:
never executed: case 0 :
0
795 if ((r = sshbuf_put(out, buf, sizeof(buf) -
(r = sshbuf_pu...ail_out)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
796 ssh->state->compression_in_stream.avail_out)) != 0)
(r = sshbuf_pu...ail_out)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
797 return r;
never executed: return r;
0
798 break;
never executed: break;
0
799 case Z_BUF_ERROR:
never executed: case (-5) :
0
800 /*-
801 * Comments in zlib.h say that we should keep calling-
802 * inflate() until we get an error. This appears to-
803 * be the error that we get.-
804 */-
805 return 0;
never executed: return 0;
0
806 case Z_DATA_ERROR:
never executed: case (-3) :
0
807 return SSH_ERR_INVALID_FORMAT;
never executed: return -4;
0
808 case Z_MEM_ERROR:
never executed: case (-4) :
0
809 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
810 case Z_STREAM_ERROR:
never executed: case (-2) :
0
811 default:
never executed: default:
0
812 ssh->state->compression_in_failures++;-
813 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
814 }-
815 }-
816 /* NOTREACHED */-
817}
never executed: end of block
0
818-
819void-
820ssh_clear_newkeys(struct ssh *ssh, int mode)-
821{-
822 if (ssh->kex && ssh->kex->newkeys[mode]) {
ssh->kexDescription
TRUEevaluated 192 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
ssh->kex->newkeys[mode]Description
TRUEnever evaluated
FALSEevaluated 192 times by 1 test
Evaluated by:
  • test_kex
0-192
823 kex_free_newkeys(ssh->kex->newkeys[mode]);-
824 ssh->kex->newkeys[mode] = NULL;-
825 }
never executed: end of block
0
826}
executed 192 times by 1 test: end of block
Executed by:
  • test_kex
192
827-
828int-
829ssh_set_newkeys(struct ssh *ssh, int mode)-
830{-
831 struct session_state *state = ssh->state;-
832 struct sshenc *enc;-
833 struct sshmac *mac;-
834 struct sshcomp *comp;-
835 struct sshcipher_ctx **ccp;-
836 struct packet_state *ps;-
837 u_int64_t *max_blocks;-
838 const char *wmsg;-
839 int r, crypt_type;-
840-
841 debug2("set_newkeys: mode %d", mode);-
842-
843 if (mode == MODE_OUT) {
mode == MODE_OUTDescription
TRUEevaluated 352 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 352 times by 1 test
Evaluated by:
  • test_kex
352
844 ccp = &state->send_context;-
845 crypt_type = CIPHER_ENCRYPT;-
846 ps = &state->p_send;-
847 max_blocks = &state->max_blocks_out;-
848 } else {
executed 352 times by 1 test: end of block
Executed by:
  • test_kex
352
849 ccp = &state->receive_context;-
850 crypt_type = CIPHER_DECRYPT;-
851 ps = &state->p_read;-
852 max_blocks = &state->max_blocks_in;-
853 }
executed 352 times by 1 test: end of block
Executed by:
  • test_kex
352
854 if (state->newkeys[mode] != NULL) {
state->newkeys...!= ((void *)0)Description
TRUEevaluated 512 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 192 times by 1 test
Evaluated by:
  • test_kex
192-512
855 debug("set_newkeys: rekeying, input %llu bytes %llu blocks, "-
856 "output %llu bytes %llu blocks",-
857 (unsigned long long)state->p_read.bytes,-
858 (unsigned long long)state->p_read.blocks,-
859 (unsigned long long)state->p_send.bytes,-
860 (unsigned long long)state->p_send.blocks);-
861 cipher_free(*ccp);-
862 *ccp = NULL;-
863 kex_free_newkeys(state->newkeys[mode]);-
864 state->newkeys[mode] = NULL;-
865 }
executed 512 times by 1 test: end of block
Executed by:
  • test_kex
512
866 /* note that both bytes and the seqnr are not reset */-
867 ps->packets = ps->blocks = 0;-
868 /* move newkeys from kex to state */-
869 if ((state->newkeys[mode] = ssh->kex->newkeys[mode]) == NULL)
(state->newkey...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
870 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
871 ssh->kex->newkeys[mode] = NULL;-
872 enc = &state->newkeys[mode]->enc;-
873 mac = &state->newkeys[mode]->mac;-
874 comp = &state->newkeys[mode]->comp;-
875 if (cipher_authlen(enc->cipher) == 0) {
cipher_authlen...->cipher) == 0Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
876 if ((r = mac_init(mac)) != 0)
(r = mac_init(mac)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
877 return r;
never executed: return r;
0
878 }
never executed: end of block
0
879 mac->enabled = 1;-
880 DBG(debug("cipher_init_context: %d", mode));-
881 if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len,
(r = cipher_in...pt_type)) != 0Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
882 enc->iv, enc->iv_len, crypt_type)) != 0)
(r = cipher_in...pt_type)) != 0Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
883 return r;
never executed: return r;
0
884 if (!state->cipher_warning_done &&
!state->cipher_warning_doneDescription
TRUEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-704
885 (wmsg = cipher_warning_message(*ccp)) != NULL) {
(wmsg = cipher...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
886 error("Warning: %s", wmsg);-
887 state->cipher_warning_done = 1;-
888 }
never executed: end of block
0
889 /* Deleting the keys does not gain extra security */-
890 /* explicit_bzero(enc->iv, enc->block_size);-
891 explicit_bzero(enc->key, enc->key_len);-
892 explicit_bzero(mac->key, mac->key_len); */-
893 if ((comp->type == COMP_ZLIB ||
comp->type == 1Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
894 (comp->type == COMP_DELAYED &&
comp->type == 2Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
895 state->after_authentication)) && comp->enabled == 0) {
state->after_authenticationDescription
TRUEnever evaluated
FALSEnever evaluated
comp->enabled == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
896 if ((r = ssh_packet_init_compression(ssh)) < 0)
(r = ssh_packe...sion(ssh)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
897 return r;
never executed: return r;
0
898 if (mode == MODE_OUT) {
mode == MODE_OUTDescription
TRUEnever evaluated
FALSEnever evaluated
0
899 if ((r = start_compression_out(ssh, 6)) != 0)
(r = start_com...(ssh, 6)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
900 return r;
never executed: return r;
0
901 } else {
never executed: end of block
0
902 if ((r = start_compression_in(ssh)) != 0)
(r = start_com..._in(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
903 return r;
never executed: return r;
0
904 }
never executed: end of block
0
905 comp->enabled = 1;-
906 }
never executed: end of block
0
907 /*-
908 * The 2^(blocksize*2) limit is too expensive for 3DES,-
909 * so enforce a 1GB limit for small blocksizes.-
910 * See RFC4344 section 3.2.-
911 */-
912 if (enc->block_size >= 16)
enc->block_size >= 16Description
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
913 *max_blocks = (u_int64_t)1 << (enc->block_size*2);
never executed: *max_blocks = (u_int64_t)1 << (enc->block_size*2);
0
914 else-
915 *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
executed 704 times by 1 test: *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
Executed by:
  • test_kex
704
916 if (state->rekey_limit)
state->rekey_limitDescription
TRUEnever evaluated
FALSEevaluated 704 times by 1 test
Evaluated by:
  • test_kex
0-704
917 *max_blocks = MINIMUM(*max_blocks,
never executed: *max_blocks = (((*max_blocks) < (state->rekey_limit / enc->block_size)) ? (*max_blocks) : (state->rekey_limit / enc->block_size)) ;
((*max_blocks)...->block_size))Description
TRUEnever evaluated
FALSEnever evaluated
0
918 state->rekey_limit / enc->block_size);
never executed: *max_blocks = (((*max_blocks) < (state->rekey_limit / enc->block_size)) ? (*max_blocks) : (state->rekey_limit / enc->block_size)) ;
0
919 debug("rekey after %llu blocks", (unsigned long long)*max_blocks);-
920 return 0;
executed 704 times by 1 test: return 0;
Executed by:
  • test_kex
704
921}-
922-
923#define MAX_PACKETS (1U<<31)-
924static int-
925ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)-
926{-
927 struct session_state *state = ssh->state;-
928 u_int32_t out_blocks;-
929-
930 /* XXX client can't cope with rekeying pre-auth */-
931 if (!state->after_authentication)
!state->after_authenticationDescription
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
208-832
932 return 0;
executed 832 times by 1 test: return 0;
Executed by:
  • test_kex
832
933-
934 /* Haven't keyed yet or KEX in progress. */-
935 if (ssh->kex == NULL || ssh_packet_is_rekeying(ssh))
ssh->kex == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
ssh_packet_is_rekeying(ssh)Description
TRUEevaluated 176 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-208
936 return 0;
executed 176 times by 1 test: return 0;
Executed by:
  • test_kex
176
937-
938 /* Peer can't rekey */-
939 if (ssh->compat & SSH_BUG_NOREKEY)
ssh->compat & 0x00008000Description
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-32
940 return 0;
never executed: return 0;
0
941-
942 /*-
943 * Permit one packet in or out per rekey - this allows us to-
944 * make progress when rekey limits are very small.-
945 */-
946 if (state->p_send.packets == 0 && state->p_read.packets == 0)
state->p_send.packets == 0Description
TRUEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
state->p_read.packets == 0Description
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-32
947 return 0;
never executed: return 0;
0
948-
949 /* Time-based rekeying */-
950 if (state->rekey_interval != 0 &&
state->rekey_interval != 0Description
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-32
951 (int64_t)state->rekey_time + state->rekey_interval <= monotime())
(int64_t)state... <= monotime()Description
TRUEnever evaluated
FALSEnever evaluated
0
952 return 1;
never executed: return 1;
0
953-
954 /*-
955 * Always rekey when MAX_PACKETS sent in either direction -
956 * As per RFC4344 section 3.1 we do this after 2^31 packets.-
957 */-
958 if (state->p_send.packets > MAX_PACKETS ||
state->p_send....ets > (1U<<31)Description
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-32
959 state->p_read.packets > MAX_PACKETS)
state->p_read....ets > (1U<<31)Description
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-32
960 return 1;
never executed: return 1;
0
961-
962 /* Rekey after (cipher-specific) maximum blocks */-
963 out_blocks = ROUNDUP(outbound_packet_len,-
964 state->newkeys[MODE_OUT]->enc.block_size);-
965 return (state->max_blocks_out &&
executed 32 times by 1 test: return (state->max_blocks_out && (state->p_send.blocks + out_blocks > state->max_blocks_out)) || (state->max_blocks_in && (state->p_read.blocks > state->max_blocks_in));
Executed by:
  • test_kex
state->max_blocks_outDescription
TRUEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-32
966 (state->p_send.blocks + out_blocks > state->max_blocks_out)) ||
executed 32 times by 1 test: return (state->max_blocks_out && (state->p_send.blocks + out_blocks > state->max_blocks_out)) || (state->max_blocks_in && (state->p_read.blocks > state->max_blocks_in));
Executed by:
  • test_kex
(state->p_send...ax_blocks_out)Description
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-32
967 (state->max_blocks_in &&
executed 32 times by 1 test: return (state->max_blocks_out && (state->p_send.blocks + out_blocks > state->max_blocks_out)) || (state->max_blocks_in && (state->p_read.blocks > state->max_blocks_in));
Executed by:
  • test_kex
state->max_blocks_inDescription
TRUEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-32
968 (state->p_read.blocks > state->max_blocks_in));
executed 32 times by 1 test: return (state->max_blocks_out && (state->p_send.blocks + out_blocks > state->max_blocks_out)) || (state->max_blocks_in && (state->p_read.blocks > state->max_blocks_in));
Executed by:
  • test_kex
(state->p_read...max_blocks_in)Description
TRUEnever evaluated
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
0-32
969}-
970-
971/*-
972 * Delayed compression for SSH2 is enabled after authentication:-
973 * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,-
974 * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.-
975 */-
976static int-
977ssh_packet_enable_delayed_compress(struct ssh *ssh)-
978{-
979 struct session_state *state = ssh->state;-
980 struct sshcomp *comp = NULL;-
981 int r, mode;-
982-
983 /*-
984 * Remember that we are past the authentication step, so rekeying-
985 * with COMP_DELAYED will turn on compression immediately.-
986 */-
987 state->after_authentication = 1;-
988 for (mode = 0; mode < MODE_MAX; mode++) {
mode < MODE_MAXDescription
TRUEevaluated 64 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
32-64
989 /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */-
990 if (state->newkeys[mode] == NULL)
state->newkeys...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • test_kex
0-64
991 continue;
never executed: continue;
0
992 comp = &state->newkeys[mode]->comp;-
993 if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
compDescription
TRUEevaluated 64 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
!comp->enabledDescription
TRUEevaluated 64 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
comp->type == 2Description
TRUEnever evaluated
FALSEevaluated 64 times by 1 test
Evaluated by:
  • test_kex
0-64
994 if ((r = ssh_packet_init_compression(ssh)) != 0)
(r = ssh_packe...ion(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
995 return r;
never executed: return r;
0
996 if (mode == MODE_OUT) {
mode == MODE_OUTDescription
TRUEnever evaluated
FALSEnever evaluated
0
997 if ((r = start_compression_out(ssh, 6)) != 0)
(r = start_com...(ssh, 6)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
998 return r;
never executed: return r;
0
999 } else {
never executed: end of block
0
1000 if ((r = start_compression_in(ssh)) != 0)
(r = start_com..._in(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1001 return r;
never executed: return r;
0
1002 }
never executed: end of block
0
1003 comp->enabled = 1;-
1004 }
never executed: end of block
0
1005 }
executed 64 times by 1 test: end of block
Executed by:
  • test_kex
64
1006 return 0;
executed 32 times by 1 test: return 0;
Executed by:
  • test_kex
32
1007}-
1008-
1009/* Used to mute debug logging for noisy packet types */-
1010int-
1011ssh_packet_log_type(u_char type)-
1012{-
1013 switch (type) {-
1014 case SSH2_MSG_CHANNEL_DATA:
never executed: case 94:
0
1015 case SSH2_MSG_CHANNEL_EXTENDED_DATA:
never executed: case 95:
0
1016 case SSH2_MSG_CHANNEL_WINDOW_ADJUST:
never executed: case 93:
0
1017 return 0;
never executed: return 0;
0
1018 default:
executed 2080 times by 1 test: default:
Executed by:
  • test_kex
2080
1019 return 1;
executed 2080 times by 1 test: return 1;
Executed by:
  • test_kex
2080
1020 }-
1021}-
1022-
1023/*-
1024 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)-
1025 */-
1026int-
1027ssh_packet_send2_wrapped(struct ssh *ssh)-
1028{-
1029 struct session_state *state = ssh->state;-
1030 u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH];-
1031 u_char tmp, padlen, pad = 0;-
1032 u_int authlen = 0, aadlen = 0;-
1033 u_int len;-
1034 struct sshenc *enc = NULL;-
1035 struct sshmac *mac = NULL;-
1036 struct sshcomp *comp = NULL;-
1037 int r, block_size;-
1038-
1039 if (state->newkeys[MODE_OUT] != NULL) {
state->newkeys...!= ((void *)0)Description
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
208-832
1040 enc = &state->newkeys[MODE_OUT]->enc;-
1041 mac = &state->newkeys[MODE_OUT]->mac;-
1042 comp = &state->newkeys[MODE_OUT]->comp;-
1043 /* disable mac for authenticated encryption */-
1044 if ((authlen = cipher_authlen(enc->cipher)) != 0)
(authlen = cip...>cipher)) != 0Description
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-832
1045 mac = NULL;
executed 832 times by 1 test: mac = ((void *)0) ;
Executed by:
  • test_kex
832
1046 }
executed 832 times by 1 test: end of block
Executed by:
  • test_kex
832
1047 block_size = enc ? enc->block_size : 8;
encDescription
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
208-832
1048 aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
macDescription
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
mac->enabledDescription
TRUEnever evaluated
FALSEnever evaluated
mac->etmDescription
TRUEnever evaluated
FALSEnever evaluated
authlenDescription
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-1040
1049-
1050 type = (sshbuf_ptr(state->outgoing_packet))[5];-
1051 if (ssh_packet_log_type(type))
ssh_packet_log_type(type)Description
TRUEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-1040
1052 debug3("send packet: type %u", type);
executed 1040 times by 1 test: debug3("send packet: type %u", type);
Executed by:
  • test_kex
1040
1053#ifdef PACKET_DEBUG-
1054 fprintf(stderr, "plain: ");-
1055 sshbuf_dump(state->outgoing_packet, stderr);-
1056#endif-
1057-
1058 if (comp && comp->enabled) {
compDescription
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
comp->enabledDescription
TRUEnever evaluated
FALSEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
0-832
1059 len = sshbuf_len(state->outgoing_packet);-
1060 /* skip header, compress only payload */-
1061 if ((r = sshbuf_consume(state->outgoing_packet, 5)) != 0)
(r = sshbuf_co...cket, 5)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1062 goto out;
never executed: goto out;
0
1063 sshbuf_reset(state->compression_buffer);-
1064 if ((r = compress_buffer(ssh, state->outgoing_packet,
(r = compress_..._buffer)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1065 state->compression_buffer)) != 0)
(r = compress_..._buffer)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1066 goto out;
never executed: goto out;
0
1067 sshbuf_reset(state->outgoing_packet);-
1068 if ((r = sshbuf_put(state->outgoing_packet,
(r = sshbuf_pu...0\0", 5)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1069 "\0\0\0\0\0", 5)) != 0 ||
(r = sshbuf_pu...0\0", 5)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1070 (r = sshbuf_putb(state->outgoing_packet,
(r = sshbuf_pu..._buffer)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1071 state->compression_buffer)) != 0)
(r = sshbuf_pu..._buffer)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1072 goto out;
never executed: goto out;
0
1073 DBG(debug("compression: raw %d compressed %zd", len,-
1074 sshbuf_len(state->outgoing_packet)));-
1075 }
never executed: end of block
0
1076-
1077 /* sizeof (packet_len + pad_len + payload) */-
1078 len = sshbuf_len(state->outgoing_packet);-
1079-
1080 /*-
1081 * calc size of padding, alloc space, get random data,-
1082 * minimum padding is 4 bytes-
1083 */-
1084 len -= aadlen; /* packet length is not encrypted for EtM modes */-
1085 padlen = block_size - (len % block_size);-
1086 if (padlen < 4)
padlen < 4Description
TRUEevaluated 332 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 708 times by 1 test
Evaluated by:
  • test_kex
332-708
1087 padlen += block_size;
executed 332 times by 1 test: padlen += block_size;
Executed by:
  • test_kex
332
1088 if (state->extra_pad) {
state->extra_padDescription
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1089 tmp = state->extra_pad;-
1090 state->extra_pad =-
1091 ROUNDUP(state->extra_pad, block_size);-
1092 /* check if roundup overflowed */-
1093 if (state->extra_pad < tmp)
state->extra_pad < tmpDescription
TRUEnever evaluated
FALSEnever evaluated
0
1094 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
1095 tmp = (len + padlen) % state->extra_pad;-
1096 /* Check whether pad calculation below will underflow */-
1097 if (tmp > state->extra_pad)
tmp > state->extra_padDescription
TRUEnever evaluated
FALSEnever evaluated
0
1098 return SSH_ERR_INVALID_ARGUMENT;
never executed: return -10;
0
1099 pad = state->extra_pad - tmp;-
1100 DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)",-
1101 __func__, pad, len, padlen, state->extra_pad));-
1102 tmp = padlen;-
1103 padlen += pad;-
1104 /* Check whether padlen calculation overflowed */-
1105 if (padlen < tmp)
padlen < tmpDescription
TRUEnever evaluated
FALSEnever evaluated
0
1106 return SSH_ERR_INVALID_ARGUMENT; /* overflow */
never executed: return -10;
0
1107 state->extra_pad = 0;-
1108 }
never executed: end of block
0
1109 if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0)
(r = sshbuf_re...en, &cp)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1110 goto out;
never executed: goto out;
0
1111 if (enc && !cipher_ctx_is_plaintext(state->send_context)) {
encDescription
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
!cipher_ctx_is...>send_context)Description
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-832
1112 /* random padding */-
1113 arc4random_buf(cp, padlen);-
1114 } else {
executed 832 times by 1 test: end of block
Executed by:
  • test_kex
832
1115 /* clear padding */-
1116 explicit_bzero(cp, padlen);-
1117 }
executed 208 times by 1 test: end of block
Executed by:
  • test_kex
208
1118 /* sizeof (packet_len + pad_len + payload + padding) */-
1119 len = sshbuf_len(state->outgoing_packet);-
1120 cp = sshbuf_mutable_ptr(state->outgoing_packet);-
1121 if (cp == NULL) {
cp == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1122 r = SSH_ERR_INTERNAL_ERROR;-
1123 goto out;
never executed: goto out;
0
1124 }-
1125 /* packet_length includes payload, padding and padding length field */-
1126 POKE_U32(cp, len - 4);-
1127 cp[4] = padlen;-
1128 DBG(debug("send: len %d (includes padlen %d, aadlen %d)",-
1129 len, padlen, aadlen));-
1130-
1131 /* compute MAC over seqnr and packet(length fields, payload, padding) */-
1132 if (mac && mac->enabled && !mac->etm) {
macDescription
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
mac->enabledDescription
TRUEnever evaluated
FALSEnever evaluated
!mac->etmDescription
TRUEnever evaluated
FALSEnever evaluated
0-1040
1133 if ((r = mac_compute(mac, state->p_send.seqnr,
(r = mac_compu...macbuf))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1134 sshbuf_ptr(state->outgoing_packet), len,
(r = mac_compu...macbuf))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1135 macbuf, sizeof(macbuf))) != 0)
(r = mac_compu...macbuf))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1136 goto out;
never executed: goto out;
0
1137 DBG(debug("done calc MAC out #%d", state->p_send.seqnr));-
1138 }
never executed: end of block
0
1139 /* encrypt packet and append to output buffer. */-
1140 if ((r = sshbuf_reserve(state->output,
(r = sshbuf_re...en, &cp)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1141 sshbuf_len(state->outgoing_packet) + authlen, &cp)) != 0)
(r = sshbuf_re...en, &cp)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1142 goto out;
never executed: goto out;
0
1143 if ((r = cipher_crypt(state->send_context, state->p_send.seqnr, cp,
(r = cipher_cr...authlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1144 sshbuf_ptr(state->outgoing_packet),
(r = cipher_cr...authlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1145 len - aadlen, aadlen, authlen)) != 0)
(r = cipher_cr...authlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1146 goto out;
never executed: goto out;
0
1147 /* append unencrypted MAC */-
1148 if (mac && mac->enabled) {
macDescription
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
mac->enabledDescription
TRUEnever evaluated
FALSEnever evaluated
0-1040
1149 if (mac->etm) {
mac->etmDescription
TRUEnever evaluated
FALSEnever evaluated
0
1150 /* EtM: compute mac over aadlen + cipher text */-
1151 if ((r = mac_compute(mac, state->p_send.seqnr,
(r = mac_compu...macbuf))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1152 cp, len, macbuf, sizeof(macbuf))) != 0)
(r = mac_compu...macbuf))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1153 goto out;
never executed: goto out;
0
1154 DBG(debug("done calc MAC(EtM) out #%d",-
1155 state->p_send.seqnr));-
1156 }
never executed: end of block
0
1157 if ((r = sshbuf_put(state->output, macbuf, mac->mac_len)) != 0)
(r = sshbuf_pu...mac_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1158 goto out;
never executed: goto out;
0
1159 }
never executed: end of block
0
1160#ifdef PACKET_DEBUG-
1161 fprintf(stderr, "encrypted: ");-
1162 sshbuf_dump(state->output, stderr);-
1163#endif-
1164 /* increment sequence number for outgoing packets */-
1165 if (++state->p_send.seqnr == 0)
++state->p_send.seqnr == 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1166 logit("outgoing seqnr wraps around");
never executed: logit("outgoing seqnr wraps around");
0
1167 if (++state->p_send.packets == 0)
++state->p_send.packets == 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1168 if (!(ssh->compat & SSH_BUG_NOREKEY))
!(ssh->compat & 0x00008000)Description
TRUEnever evaluated
FALSEnever evaluated
0
1169 return SSH_ERR_NEED_REKEY;
never executed: return -39;
0
1170 state->p_send.blocks += len / block_size;-
1171 state->p_send.bytes += len;-
1172 sshbuf_reset(state->outgoing_packet);-
1173-
1174 if (type == SSH2_MSG_NEWKEYS)
type == 21Description
TRUEevaluated 320 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 720 times by 1 test
Evaluated by:
  • test_kex
320-720
1175 r = ssh_set_newkeys(ssh, MODE_OUT);
executed 320 times by 1 test: r = ssh_set_newkeys(ssh, MODE_OUT);
Executed by:
  • test_kex
320
1176 else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side)
type == 52Description
TRUEnever evaluated
FALSEevaluated 720 times by 1 test
Evaluated by:
  • test_kex
state->server_sideDescription
TRUEnever evaluated
FALSEnever evaluated
0-720
1177 r = ssh_packet_enable_delayed_compress(ssh);
never executed: r = ssh_packet_enable_delayed_compress(ssh);
0
1178 else-
1179 r = 0;
executed 720 times by 1 test: r = 0;
Executed by:
  • test_kex
720
1180 out:
code before this statement executed 1040 times by 1 test: out:
Executed by:
  • test_kex
1040
1181 return r;
executed 1040 times by 1 test: return r;
Executed by:
  • test_kex
1040
1182}-
1183-
1184/* returns non-zero if the specified packet type is usec by KEX */-
1185static int-
1186ssh_packet_type_is_kex(u_char type)-
1187{-
1188 return
executed 1824 times by 1 test: return type >= 1 && type <= 49 && type != 5 && type != 6 && type != 7;
Executed by:
  • test_kex
1824
1189 type >= SSH2_MSG_TRANSPORT_MIN &&
executed 1824 times by 1 test: return type >= 1 && type <= 49 && type != 5 && type != 6 && type != 7;
Executed by:
  • test_kex
type >= 1Description
TRUEevaluated 1824 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-1824
1190 type <= SSH2_MSG_TRANSPORT_MAX &&
executed 1824 times by 1 test: return type >= 1 && type <= 49 && type != 5 && type != 6 && type != 7;
Executed by:
  • test_kex
type <= 49Description
TRUEevaluated 1824 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-1824
1191 type != SSH2_MSG_SERVICE_REQUEST &&
executed 1824 times by 1 test: return type >= 1 && type <= 49 && type != 5 && type != 6 && type != 7;
Executed by:
  • test_kex
type != 5Description
TRUEevaluated 1824 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-1824
1192 type != SSH2_MSG_SERVICE_ACCEPT &&
executed 1824 times by 1 test: return type >= 1 && type <= 49 && type != 5 && type != 6 && type != 7;
Executed by:
  • test_kex
type != 6Description
TRUEevaluated 1824 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-1824
1193 type != SSH2_MSG_EXT_INFO;
executed 1824 times by 1 test: return type >= 1 && type <= 49 && type != 5 && type != 6 && type != 7;
Executed by:
  • test_kex
type != 7Description
TRUEevaluated 1824 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-1824
1194}-
1195-
1196int-
1197ssh_packet_send2(struct ssh *ssh)-
1198{-
1199 struct session_state *state = ssh->state;-
1200 struct packet *p;-
1201 u_char type;-
1202 int r, need_rekey;-
1203-
1204 if (sshbuf_len(state->outgoing_packet) < 6)
sshbuf_len(sta...ng_packet) < 6Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1205 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
1206 type = sshbuf_ptr(state->outgoing_packet)[5];-
1207 need_rekey = !ssh_packet_type_is_kex(type) &&
!ssh_packet_type_is_kex(type)Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1208 ssh_packet_need_rekeying(ssh, sshbuf_len(state->outgoing_packet));
ssh_packet_nee...going_packet))Description
TRUEnever evaluated
FALSEnever evaluated
0
1209-
1210 /*-
1211 * During rekeying we can only send key exchange messages.-
1212 * Queue everything else.-
1213 */-
1214 if ((need_rekey || state->rekeying) && !ssh_packet_type_is_kex(type)) {
need_rekeyDescription
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
state->rekeyingDescription
TRUEevaluated 784 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 256 times by 1 test
Evaluated by:
  • test_kex
!ssh_packet_type_is_kex(type)Description
TRUEnever evaluated
FALSEevaluated 784 times by 1 test
Evaluated by:
  • test_kex
0-1040
1215 if (need_rekey)
need_rekeyDescription
TRUEnever evaluated
FALSEnever evaluated
0
1216 debug3("%s: rekex triggered", __func__);
never executed: debug3("%s: rekex triggered", __func__);
0
1217 debug("enqueue packet: %u", type);-
1218 p = calloc(1, sizeof(*p));-
1219 if (p == NULL)
p == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1220 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
1221 p->type = type;-
1222 p->payload = state->outgoing_packet;-
1223 TAILQ_INSERT_TAIL(&state->outgoing, p, next);-
1224 state->outgoing_packet = sshbuf_new();-
1225 if (state->outgoing_packet == NULL)
state->outgoin...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1226 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
1227 if (need_rekey) {
need_rekeyDescription
TRUEnever evaluated
FALSEnever evaluated
0
1228 /*-
1229 * This packet triggered a rekey, so send the-
1230 * KEXINIT now.-
1231 * NB. reenters this function via kex_start_rekex().-
1232 */-
1233 return kex_start_rekex(ssh);
never executed: return kex_start_rekex(ssh);
0
1234 }-
1235 return 0;
never executed: return 0;
0
1236 }-
1237-
1238 /* rekeying starts with sending KEXINIT */-
1239 if (type == SSH2_MSG_KEXINIT)
type == 20Description
TRUEevaluated 320 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 720 times by 1 test
Evaluated by:
  • test_kex
320-720
1240 state->rekeying = 1;
executed 320 times by 1 test: state->rekeying = 1;
Executed by:
  • test_kex
320
1241-
1242 if ((r = ssh_packet_send2_wrapped(ssh)) != 0)
(r = ssh_packe...ped(ssh)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1243 return r;
never executed: return r;
0
1244-
1245 /* after a NEWKEYS message we can send the complete queue */-
1246 if (type == SSH2_MSG_NEWKEYS) {
type == 21Description
TRUEevaluated 320 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 720 times by 1 test
Evaluated by:
  • test_kex
320-720
1247 state->rekeying = 0;-
1248 state->rekey_time = monotime();-
1249 while ((p = TAILQ_FIRST(&state->outgoing))) {
(p = ((&state-...)->tqh_first))Description
TRUEnever evaluated
FALSEevaluated 320 times by 1 test
Evaluated by:
  • test_kex
0-320
1250 type = p->type;-
1251 /*-
1252 * If this packet triggers a rekex, then skip the-
1253 * remaining packets in the queue for now.-
1254 * NB. re-enters this function via kex_start_rekex.-
1255 */-
1256 if (ssh_packet_need_rekeying(ssh,
ssh_packet_nee...n(p->payload))Description
TRUEnever evaluated
FALSEnever evaluated
0
1257 sshbuf_len(p->payload))) {
ssh_packet_nee...n(p->payload))Description
TRUEnever evaluated
FALSEnever evaluated
0
1258 debug3("%s: queued packet triggered rekex",-
1259 __func__);-
1260 return kex_start_rekex(ssh);
never executed: return kex_start_rekex(ssh);
0
1261 }-
1262 debug("dequeue packet: %u", type);-
1263 sshbuf_free(state->outgoing_packet);-
1264 state->outgoing_packet = p->payload;-
1265 TAILQ_REMOVE(&state->outgoing, p, next);
never executed: (p)->next.tqe_next->next.tqe_prev = (p)->next.tqe_prev;
never executed: (&state->outgoing)->tqh_last = (p)->next.tqe_prev;
((p)->next.tqe...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1266 memset(p, 0, sizeof(*p));-
1267 free(p);-
1268 if ((r = ssh_packet_send2_wrapped(ssh)) != 0)
(r = ssh_packe...ped(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1269 return r;
never executed: return r;
0
1270 }
never executed: end of block
0
1271 }
executed 320 times by 1 test: end of block
Executed by:
  • test_kex
320
1272 return 0;
executed 1040 times by 1 test: return 0;
Executed by:
  • test_kex
1040
1273}-
1274-
1275/*-
1276 * Waits until a packet has been received, and returns its type. Note that-
1277 * no other data is processed until this returns, so this function should not-
1278 * be used during the interactive session.-
1279 */-
1280-
1281int-
1282ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)-
1283{-
1284 struct session_state *state = ssh->state;-
1285 int len, r, ms_remain;-
1286 fd_set *setp;-
1287 char buf[8192];-
1288 struct timeval timeout, start, *timeoutp = NULL;-
1289-
1290 DBG(debug("packet_read()"));-
1291-
1292 setp = calloc(howmany(state->connection_in + 1,-
1293 NFDBITS), sizeof(fd_mask));-
1294 if (setp == NULL)
setp == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1295 return SSH_ERR_ALLOC_FAIL;
never executed: return -2;
0
1296-
1297 /*-
1298 * Since we are blocking, ensure that all written packets have-
1299 * been sent.-
1300 */-
1301 if ((r = ssh_packet_write_wait(ssh)) != 0)
(r = ssh_packe...ait(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1302 goto out;
never executed: goto out;
0
1303-
1304 /* Stay in the loop until we have received a complete packet. */-
1305 for (;;) {-
1306 /* Try to read a packet from the buffer. */-
1307 r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p);-
1308 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1309 break;
never executed: break;
0
1310 /* If we got a packet, return it. */-
1311 if (*typep != SSH_MSG_NONE)
*typep != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1312 break;
never executed: break;
0
1313 /*-
1314 * Otherwise, wait for some data to arrive, add it to the-
1315 * buffer, and try again.-
1316 */-
1317 memset(setp, 0, howmany(state->connection_in + 1,-
1318 NFDBITS) * sizeof(fd_mask));-
1319 FD_SET(state->connection_in, setp);-
1320-
1321 if (state->packet_timeout_ms > 0) {
state->packet_timeout_ms > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1322 ms_remain = state->packet_timeout_ms;-
1323 timeoutp = &timeout;-
1324 }
never executed: end of block
0
1325 /* Wait for some data to arrive. */-
1326 for (;;) {-
1327 if (state->packet_timeout_ms != -1) {
state->packet_timeout_ms != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1328 ms_to_timeval(&timeout, ms_remain);-
1329 monotime_tv(&start);-
1330 }
never executed: end of block
0
1331 if ((r = select(state->connection_in + 1, setp,
(r = select(st...imeoutp)) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1332 NULL, NULL, timeoutp)) >= 0)
(r = select(st...imeoutp)) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1333 break;
never executed: break;
0
1334 if (errno != EAGAIN && errno != EINTR &&
(*__errno_location ()) != 11Description
TRUEnever evaluated
FALSEnever evaluated
(*__errno_location ()) != 4Description
TRUEnever evaluated
FALSEnever evaluated
0
1335 errno != EWOULDBLOCK) {
(*__errno_location ()) != 11Description
TRUEnever evaluated
FALSEnever evaluated
0
1336 r = SSH_ERR_SYSTEM_ERROR;-
1337 goto out;
never executed: goto out;
0
1338 }-
1339 if (state->packet_timeout_ms == -1)
state->packet_timeout_ms == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1340 continue;
never executed: continue;
0
1341 ms_subtract_diff(&start, &ms_remain);-
1342 if (ms_remain <= 0) {
ms_remain <= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1343 r = 0;-
1344 break;
never executed: break;
0
1345 }-
1346 }
never executed: end of block
0
1347 if (r == 0) {
r == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1348 r = SSH_ERR_CONN_TIMEOUT;-
1349 goto out;
never executed: goto out;
0
1350 }-
1351 /* Read data from the socket. */-
1352 len = read(state->connection_in, buf, sizeof(buf));-
1353 if (len == 0) {
len == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1354 r = SSH_ERR_CONN_CLOSED;-
1355 goto out;
never executed: goto out;
0
1356 }-
1357 if (len < 0) {
len < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1358 r = SSH_ERR_SYSTEM_ERROR;-
1359 goto out;
never executed: goto out;
0
1360 }-
1361-
1362 /* Append it to the buffer. */-
1363 if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0)
(r = ssh_packe...uf, len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1364 goto out;
never executed: goto out;
0
1365 }
never executed: end of block
0
1366 out:
code before this statement never executed: out:
0
1367 free(setp);-
1368 return r;
never executed: return r;
0
1369}-
1370-
1371int-
1372ssh_packet_read(struct ssh *ssh)-
1373{-
1374 u_char type;-
1375 int r;-
1376-
1377 if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0)
(r = ssh_packe...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1378 fatal("%s: %s", __func__, ssh_err(r));
never executed: fatal("%s: %s", __func__, ssh_err(r));
0
1379 return type;
never executed: return type;
0
1380}-
1381-
1382/*-
1383 * Waits until a packet has been received, verifies that its type matches-
1384 * that given, and gives a fatal error and exits if there is a mismatch.-
1385 */-
1386-
1387int-
1388ssh_packet_read_expect(struct ssh *ssh, u_int expected_type)-
1389{-
1390 int r;-
1391 u_char type;-
1392-
1393 if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0)
(r = ssh_packe...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1394 return r;
never executed: return r;
0
1395 if (type != expected_type) {
type != expected_typeDescription
TRUEnever evaluated
FALSEnever evaluated
0
1396 if ((r = sshpkt_disconnect(ssh,
(r = sshpkt_di...e, type)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1397 "Protocol error: expected packet type %d, got %d",
(r = sshpkt_di...e, type)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1398 expected_type, type)) != 0)
(r = sshpkt_di...e, type)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1399 return r;
never executed: return r;
0
1400 return SSH_ERR_PROTOCOL_ERROR;
never executed: return -55;
0
1401 }-
1402 return 0;
never executed: return 0;
0
1403}-
1404-
1405static int-
1406ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)-
1407{-
1408 struct session_state *state = ssh->state;-
1409 const u_char *cp;-
1410 size_t need;-
1411 int r;-
1412-
1413 if (ssh->kex)
ssh->kexDescription
TRUEnever evaluated
FALSEnever evaluated
0
1414 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
1415 *typep = SSH_MSG_NONE;-
1416 cp = sshbuf_ptr(state->input);-
1417 if (state->packlen == 0) {
state->packlen == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1418 if (sshbuf_len(state->input) < 4 + 1)
sshbuf_len(sta...input) < 4 + 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1419 return 0; /* packet is incomplete */
never executed: return 0;
0
1420 state->packlen = PEEK_U32(cp);-
1421 if (state->packlen < 4 + 1 ||
state->packlen < 4 + 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1422 state->packlen > PACKET_MAX_SIZE)
state->packlen > (256 * 1024)Description
TRUEnever evaluated
FALSEnever evaluated
0
1423 return SSH_ERR_MESSAGE_INCOMPLETE;
never executed: return -3;
0
1424 }
never executed: end of block
0
1425 need = state->packlen + 4;-
1426 if (sshbuf_len(state->input) < need)
sshbuf_len(sta...>input) < needDescription
TRUEnever evaluated
FALSEnever evaluated
0
1427 return 0; /* packet is incomplete */
never executed: return 0;
0
1428 sshbuf_reset(state->incoming_packet);-
1429 if ((r = sshbuf_put(state->incoming_packet, cp + 4,
(r = sshbuf_pu...packlen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1430 state->packlen)) != 0 ||
(r = sshbuf_pu...packlen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1431 (r = sshbuf_consume(state->input, need)) != 0 ||
(r = sshbuf_co...t, need)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1432 (r = sshbuf_get_u8(state->incoming_packet, NULL)) != 0 ||
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1433 (r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
(r = sshbuf_ge..., typep)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1434 return r;
never executed: return r;
0
1435 if (ssh_packet_log_type(*typep))
ssh_packet_log_type(*typep)Description
TRUEnever evaluated
FALSEnever evaluated
0
1436 debug3("%s: type %u", __func__, *typep);
never executed: debug3("%s: type %u", __func__, *typep);
0
1437 /* sshbuf_dump(state->incoming_packet, stderr); */-
1438 /* reset for next packet */-
1439 state->packlen = 0;-
1440 return r;
never executed: return r;
0
1441}-
1442-
1443int-
1444ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)-
1445{-
1446 struct session_state *state = ssh->state;-
1447 u_int padlen, need;-
1448 u_char *cp;-
1449 u_int maclen, aadlen = 0, authlen = 0, block_size;-
1450 struct sshenc *enc = NULL;-
1451 struct sshmac *mac = NULL;-
1452 struct sshcomp *comp = NULL;-
1453 int r;-
1454-
1455 if (state->mux)
state->muxDescription
TRUEnever evaluated
FALSEevaluated 2992 times by 1 test
Evaluated by:
  • test_kex
0-2992
1456 return ssh_packet_read_poll2_mux(ssh, typep, seqnr_p);
never executed: return ssh_packet_read_poll2_mux(ssh, typep, seqnr_p);
0
1457-
1458 *typep = SSH_MSG_NONE;-
1459-
1460 if (state->packet_discard)
state->packet_discardDescription
TRUEnever evaluated
FALSEevaluated 2992 times by 1 test
Evaluated by:
  • test_kex
0-2992
1461 return 0;
never executed: return 0;
0
1462-
1463 if (state->newkeys[MODE_IN] != NULL) {
state->newkeys...!= ((void *)0)Description
TRUEevaluated 2560 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 432 times by 1 test
Evaluated by:
  • test_kex
432-2560
1464 enc = &state->newkeys[MODE_IN]->enc;-
1465 mac = &state->newkeys[MODE_IN]->mac;-
1466 comp = &state->newkeys[MODE_IN]->comp;-
1467 /* disable mac for authenticated encryption */-
1468 if ((authlen = cipher_authlen(enc->cipher)) != 0)
(authlen = cip...>cipher)) != 0Description
TRUEevaluated 2560 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-2560
1469 mac = NULL;
executed 2560 times by 1 test: mac = ((void *)0) ;
Executed by:
  • test_kex
2560
1470 }
executed 2560 times by 1 test: end of block
Executed by:
  • test_kex
2560
1471 maclen = mac && mac->enabled ? mac->mac_len : 0;
macDescription
TRUEnever evaluated
FALSEevaluated 2992 times by 1 test
Evaluated by:
  • test_kex
mac->enabledDescription
TRUEnever evaluated
FALSEnever evaluated
0-2992
1472 block_size = enc ? enc->block_size : 8;
encDescription
TRUEevaluated 2560 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 432 times by 1 test
Evaluated by:
  • test_kex
432-2560
1473 aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
macDescription
TRUEnever evaluated
FALSEevaluated 2992 times by 1 test
Evaluated by:
  • test_kex
mac->enabledDescription
TRUEnever evaluated
FALSEnever evaluated
mac->etmDescription
TRUEnever evaluated
FALSEnever evaluated
authlenDescription
TRUEevaluated 2560 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 432 times by 1 test
Evaluated by:
  • test_kex
0-2992
1474-
1475 if (aadlen && state->packlen == 0) {
aadlenDescription
TRUEevaluated 2560 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 432 times by 1 test
Evaluated by:
  • test_kex
state->packlen == 0Description
TRUEevaluated 2560 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-2560
1476 if (cipher_get_length(state->receive_context,
cipher_get_len...->input)) != 0Description
TRUEevaluated 1728 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
832-1728
1477 &state->packlen, state->p_read.seqnr,
cipher_get_len...->input)) != 0Description
TRUEevaluated 1728 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
832-1728
1478 sshbuf_ptr(state->input), sshbuf_len(state->input)) != 0)
cipher_get_len...->input)) != 0Description
TRUEevaluated 1728 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
832-1728
1479 return 0;
executed 1728 times by 1 test: return 0;
Executed by:
  • test_kex
1728
1480 if (state->packlen < 1 + 4 ||
state->packlen < 1 + 4Description
TRUEnever evaluated
FALSEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
0-832
1481 state->packlen > PACKET_MAX_SIZE) {
state->packlen > (256 * 1024)Description
TRUEnever evaluated
FALSEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
0-832
1482#ifdef PACKET_DEBUG-
1483 sshbuf_dump(state->input, stderr);-
1484#endif-
1485 logit("Bad packet length %u.", state->packlen);-
1486 if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
(r = sshpkt_di...orrupt")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1487 return r;
never executed: return r;
0
1488 return SSH_ERR_CONN_CORRUPT;
never executed: return -54;
0
1489 }-
1490 sshbuf_reset(state->incoming_packet);-
1491 } else if (state->packlen == 0) {
executed 832 times by 1 test: end of block
Executed by:
  • test_kex
state->packlen == 0Description
TRUEevaluated 432 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-832
1492 /*-
1493 * check if input size is less than the cipher block size,-
1494 * decrypt first block and extract length of incoming packet-
1495 */-
1496 if (sshbuf_len(state->input) < block_size)
sshbuf_len(sta...) < block_sizeDescription
TRUEevaluated 224 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
208-224
1497 return 0;
executed 224 times by 1 test: return 0;
Executed by:
  • test_kex
224
1498 sshbuf_reset(state->incoming_packet);-
1499 if ((r = sshbuf_reserve(state->incoming_packet, block_size,
(r = sshbuf_re...ze, &cp)) != 0Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-208
1500 &cp)) != 0)
(r = sshbuf_re...ze, &cp)) != 0Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-208
1501 goto out;
never executed: goto out;
0
1502 if ((r = cipher_crypt(state->receive_context,
(r = cipher_cr...e, 0, 0)) != 0Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-208
1503 state->p_send.seqnr, cp, sshbuf_ptr(state->input),
(r = cipher_cr...e, 0, 0)) != 0Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-208
1504 block_size, 0, 0)) != 0)
(r = cipher_cr...e, 0, 0)) != 0Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-208
1505 goto out;
never executed: goto out;
0
1506 state->packlen = PEEK_U32(sshbuf_ptr(state->incoming_packet));-
1507 if (state->packlen < 1 + 4 ||
state->packlen < 1 + 4Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-208
1508 state->packlen > PACKET_MAX_SIZE) {
state->packlen > (256 * 1024)Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-208
1509#ifdef PACKET_DEBUG-
1510 fprintf(stderr, "input: \n");-
1511 sshbuf_dump(state->input, stderr);-
1512 fprintf(stderr, "incoming_packet: \n");-
1513 sshbuf_dump(state->incoming_packet, stderr);-
1514#endif-
1515 logit("Bad packet length %u.", state->packlen);-
1516 return ssh_packet_start_discard(ssh, enc, mac, 0,
never executed: return ssh_packet_start_discard(ssh, enc, mac, 0, (256 * 1024));
0
1517 PACKET_MAX_SIZE);
never executed: return ssh_packet_start_discard(ssh, enc, mac, 0, (256 * 1024));
0
1518 }-
1519 if ((r = sshbuf_consume(state->input, block_size)) != 0)
(r = sshbuf_co...ck_size)) != 0Description
TRUEnever evaluated
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
0-208
1520 goto out;
never executed: goto out;
0
1521 }
executed 208 times by 1 test: end of block
Executed by:
  • test_kex
208
1522 DBG(debug("input: packet len %u", state->packlen+4));-
1523-
1524 if (aadlen) {
aadlenDescription
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
208-832
1525 /* only the payload is encrypted */-
1526 need = state->packlen;-
1527 } else {
executed 832 times by 1 test: end of block
Executed by:
  • test_kex
832
1528 /*-
1529 * the payload size and the payload are encrypted, but we-
1530 * have a partial packet of block_size bytes-
1531 */-
1532 need = 4 + state->packlen - block_size;-
1533 }
executed 208 times by 1 test: end of block
Executed by:
  • test_kex
208
1534 DBG(debug("partial packet: block %d, need %d, maclen %d, authlen %d,"-
1535 " aadlen %d", block_size, need, maclen, authlen, aadlen));-
1536 if (need % block_size != 0) {
need % block_size != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1537 logit("padding error: need %d block %d mod %d",-
1538 need, block_size, need % block_size);-
1539 return ssh_packet_start_discard(ssh, enc, mac, 0,
never executed: return ssh_packet_start_discard(ssh, enc, mac, 0, (256 * 1024) - block_size);
0
1540 PACKET_MAX_SIZE - block_size);
never executed: return ssh_packet_start_discard(ssh, enc, mac, 0, (256 * 1024) - block_size);
0
1541 }-
1542 /*-
1543 * check if the entire packet has been received and-
1544 * decrypt into incoming_packet:-
1545 * 'aadlen' bytes are unencrypted, but authenticated.-
1546 * 'need' bytes are encrypted, followed by either-
1547 * 'authlen' bytes of authentication tag or-
1548 * 'maclen' bytes of message authentication code.-
1549 */-
1550 if (sshbuf_len(state->input) < aadlen + need + authlen + maclen)
sshbuf_len(sta...thlen + maclenDescription
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1551 return 0; /* packet is incomplete */
never executed: return 0;
0
1552#ifdef PACKET_DEBUG-
1553 fprintf(stderr, "read_poll enc/full: ");-
1554 sshbuf_dump(state->input, stderr);-
1555#endif-
1556 /* EtM: check mac over encrypted input */-
1557 if (mac && mac->enabled && mac->etm) {
macDescription
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
mac->enabledDescription
TRUEnever evaluated
FALSEnever evaluated
mac->etmDescription
TRUEnever evaluated
FALSEnever evaluated
0-1040
1558 if ((r = mac_check(mac, state->p_read.seqnr,
(r = mac_check... maclen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1559 sshbuf_ptr(state->input), aadlen + need,
(r = mac_check... maclen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1560 sshbuf_ptr(state->input) + aadlen + need + authlen,
(r = mac_check... maclen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1561 maclen)) != 0) {
(r = mac_check... maclen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1562 if (r == SSH_ERR_MAC_INVALID)
r == -30Description
TRUEnever evaluated
FALSEnever evaluated
0
1563 logit("Corrupted MAC on input.");
never executed: logit("Corrupted MAC on input.");
0
1564 goto out;
never executed: goto out;
0
1565 }-
1566 }
never executed: end of block
0
1567 if ((r = sshbuf_reserve(state->incoming_packet, aadlen + need,
(r = sshbuf_re...ed, &cp)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1568 &cp)) != 0)
(r = sshbuf_re...ed, &cp)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1569 goto out;
never executed: goto out;
0
1570 if ((r = cipher_crypt(state->receive_context, state->p_read.seqnr, cp,
(r = cipher_cr...authlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1571 sshbuf_ptr(state->input), need, aadlen, authlen)) != 0)
(r = cipher_cr...authlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1572 goto out;
never executed: goto out;
0
1573 if ((r = sshbuf_consume(state->input, aadlen + need + authlen)) != 0)
(r = sshbuf_co...authlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1574 goto out;
never executed: goto out;
0
1575 if (mac && mac->enabled) {
macDescription
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
mac->enabledDescription
TRUEnever evaluated
FALSEnever evaluated
0-1040
1576 /* Not EtM: check MAC over cleartext */-
1577 if (!mac->etm && (r = mac_check(mac, state->p_read.seqnr,
!mac->etmDescription
TRUEnever evaluated
FALSEnever evaluated
(r = mac_check... maclen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1578 sshbuf_ptr(state->incoming_packet),
(r = mac_check... maclen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1579 sshbuf_len(state->incoming_packet),
(r = mac_check... maclen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1580 sshbuf_ptr(state->input), maclen)) != 0) {
(r = mac_check... maclen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1581 if (r != SSH_ERR_MAC_INVALID)
r != -30Description
TRUEnever evaluated
FALSEnever evaluated
0
1582 goto out;
never executed: goto out;
0
1583 logit("Corrupted MAC on input.");-
1584 if (need + block_size > PACKET_MAX_SIZE)
need + block_s...> (256 * 1024)Description
TRUEnever evaluated
FALSEnever evaluated
0
1585 return SSH_ERR_INTERNAL_ERROR;
never executed: return -1;
0
1586 return ssh_packet_start_discard(ssh, enc, mac,
never executed: return ssh_packet_start_discard(ssh, enc, mac, sshbuf_len(state->incoming_packet), (256 * 1024) - need - block_size);
0
1587 sshbuf_len(state->incoming_packet),
never executed: return ssh_packet_start_discard(ssh, enc, mac, sshbuf_len(state->incoming_packet), (256 * 1024) - need - block_size);
0
1588 PACKET_MAX_SIZE - need - block_size);
never executed: return ssh_packet_start_discard(ssh, enc, mac, sshbuf_len(state->incoming_packet), (256 * 1024) - need - block_size);
0
1589 }-
1590 /* Remove MAC from input buffer */-
1591 DBG(debug("MAC #%d ok", state->p_read.seqnr));-
1592 if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
(r = sshbuf_co...mac_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1593 goto out;
never executed: goto out;
0
1594 }
never executed: end of block
0
1595 if (seqnr_p != NULL)
seqnr_p != ((void *)0)Description
TRUEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-1040
1596 *seqnr_p = state->p_read.seqnr;
executed 1040 times by 1 test: *seqnr_p = state->p_read.seqnr;
Executed by:
  • test_kex
1040
1597 if (++state->p_read.seqnr == 0)
++state->p_read.seqnr == 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1598 logit("incoming seqnr wraps around");
never executed: logit("incoming seqnr wraps around");
0
1599 if (++state->p_read.packets == 0)
++state->p_read.packets == 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1600 if (!(ssh->compat & SSH_BUG_NOREKEY))
!(ssh->compat & 0x00008000)Description
TRUEnever evaluated
FALSEnever evaluated
0
1601 return SSH_ERR_NEED_REKEY;
never executed: return -39;
0
1602 state->p_read.blocks += (state->packlen + 4) / block_size;-
1603 state->p_read.bytes += state->packlen + 4;-
1604-
1605 /* get padlen */-
1606 padlen = sshbuf_ptr(state->incoming_packet)[4];-
1607 DBG(debug("input: padlen %d", padlen));-
1608 if (padlen < 4) {
padlen < 4Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1609 if ((r = sshpkt_disconnect(ssh,
(r = sshpkt_di... padlen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1610 "Corrupted padlen %d on input.", padlen)) != 0 ||
(r = sshpkt_di... padlen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1611 (r = ssh_packet_write_wait(ssh)) != 0)
(r = ssh_packe...ait(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1612 return r;
never executed: return r;
0
1613 return SSH_ERR_CONN_CORRUPT;
never executed: return -54;
0
1614 }-
1615-
1616 /* skip packet size + padlen, discard padding */-
1617 if ((r = sshbuf_consume(state->incoming_packet, 4 + 1)) != 0 ||
(r = sshbuf_co..., 4 + 1)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1618 ((r = sshbuf_consume_end(state->incoming_packet, padlen)) != 0))
((r = sshbuf_c...padlen)) != 0)Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1619 goto out;
never executed: goto out;
0
1620-
1621 DBG(debug("input: len before de-compress %zd",-
1622 sshbuf_len(state->incoming_packet)));-
1623 if (comp && comp->enabled) {
compDescription
TRUEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 208 times by 1 test
Evaluated by:
  • test_kex
comp->enabledDescription
TRUEnever evaluated
FALSEevaluated 832 times by 1 test
Evaluated by:
  • test_kex
0-832
1624 sshbuf_reset(state->compression_buffer);-
1625 if ((r = uncompress_buffer(ssh, state->incoming_packet,
(r = uncompres..._buffer)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1626 state->compression_buffer)) != 0)
(r = uncompres..._buffer)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1627 goto out;
never executed: goto out;
0
1628 sshbuf_reset(state->incoming_packet);-
1629 if ((r = sshbuf_putb(state->incoming_packet,
(r = sshbuf_pu..._buffer)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1630 state->compression_buffer)) != 0)
(r = sshbuf_pu..._buffer)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1631 goto out;
never executed: goto out;
0
1632 DBG(debug("input: len after de-compress %zd",-
1633 sshbuf_len(state->incoming_packet)));-
1634 }
never executed: end of block
0
1635 /*-
1636 * get packet type, implies consume.-
1637 * return length of payload (without type field)-
1638 */-
1639 if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
(r = sshbuf_ge..., typep)) != 0Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1640 goto out;
never executed: goto out;
0
1641 if (ssh_packet_log_type(*typep))
ssh_packet_log_type(*typep)Description
TRUEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-1040
1642 debug3("receive packet: type %u", *typep);
executed 1040 times by 1 test: debug3("receive packet: type %u", *typep);
Executed by:
  • test_kex
1040
1643 if (*typep < SSH2_MSG_MIN || *typep >= SSH2_MSG_LOCAL_MIN) {
*typep < 1Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
*typep >= 192Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1644 if ((r = sshpkt_disconnect(ssh,
(r = sshpkt_di... *typep)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1645 "Invalid ssh2 packet type: %d", *typep)) != 0 ||
(r = sshpkt_di... *typep)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1646 (r = ssh_packet_write_wait(ssh)) != 0)
(r = ssh_packe...ait(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1647 return r;
never executed: return r;
0
1648 return SSH_ERR_PROTOCOL_ERROR;
never executed: return -55;
0
1649 }-
1650 if (state->hook_in != NULL &&
state->hook_in != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1651 (r = state->hook_in(ssh, state->incoming_packet, typep,
(r = state->ho..._in_ctx)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1652 state->hook_in_ctx)) != 0)
(r = state->ho..._in_ctx)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1653 return r;
never executed: return r;
0
1654 if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
*typep == 52Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
!state->server_sideDescription
TRUEnever evaluated
FALSEnever evaluated
0-1040
1655 r = ssh_packet_enable_delayed_compress(ssh);
never executed: r = ssh_packet_enable_delayed_compress(ssh);
0
1656 else-
1657 r = 0;
executed 1040 times by 1 test: r = 0;
Executed by:
  • test_kex
1040
1658#ifdef PACKET_DEBUG-
1659 fprintf(stderr, "read/plain[%d]:\r\n", *typep);-
1660 sshbuf_dump(state->incoming_packet, stderr);-
1661#endif-
1662 /* reset for next packet */-
1663 state->packlen = 0;-
1664-
1665 /* do we need to rekey? */-
1666 if (ssh_packet_need_rekeying(ssh, 0)) {
ssh_packet_nee...keying(ssh, 0)Description
TRUEnever evaluated
FALSEevaluated 1040 times by 1 test
Evaluated by:
  • test_kex
0-1040
1667 debug3("%s: rekex triggered", __func__);-
1668 if ((r = kex_start_rekex(ssh)) != 0)
(r = kex_start...kex(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1669 return r;
never executed: return r;
0
1670 }
never executed: end of block
0
1671 out:
code before this statement executed 1040 times by 1 test: out:
Executed by:
  • test_kex
1040
1672 return r;
executed 1040 times by 1 test: return r;
Executed by:
  • test_kex
1040
1673}-
1674-
1675int-
1676ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)-
1677{-
1678 struct session_state *state = ssh->state;-
1679 u_int reason, seqnr;-
1680 int r;-
1681 u_char *msg;-
1682-
1683 for (;;) {-
1684 msg = NULL;-
1685 r = ssh_packet_read_poll2(ssh, typep, seqnr_p);-
1686 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1687 return r;
never executed: return r;
0
1688 if (*typep) {
*typepDescription
TRUEnever evaluated
FALSEnever evaluated
0
1689 state->keep_alive_timeouts = 0;-
1690 DBG(debug("received packet type %d", *typep));-
1691 }
never executed: end of block
0
1692 switch (*typep) {-
1693 case SSH2_MSG_IGNORE:
never executed: case 2:
0
1694 debug3("Received SSH2_MSG_IGNORE");-
1695 break;
never executed: break;
0
1696 case SSH2_MSG_DEBUG:
never executed: case 4:
0
1697 if ((r = sshpkt_get_u8(ssh, NULL)) != 0 ||
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1698 (r = sshpkt_get_string(ssh, &msg, NULL)) != 0 ||
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1699 (r = sshpkt_get_string(ssh, NULL, NULL)) != 0) {
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1700 free(msg);-
1701 return r;
never executed: return r;
0
1702 }-
1703 debug("Remote: %.900s", msg);-
1704 free(msg);-
1705 break;
never executed: break;
0
1706 case SSH2_MSG_DISCONNECT:
never executed: case 1:
0
1707 if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
(r = sshpkt_ge...&reason)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1708 (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
(r = sshpkt_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1709 return r;
never executed: return r;
0
1710 /* Ignore normal client exit notifications */-
1711 do_log2(ssh->state->server_side &&-
1712 reason == SSH2_DISCONNECT_BY_APPLICATION ?-
1713 SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,-
1714 "Received disconnect from %s port %d:"-
1715 "%u: %.400s", ssh_remote_ipaddr(ssh),-
1716 ssh_remote_port(ssh), reason, msg);-
1717 free(msg);-
1718 return SSH_ERR_DISCONNECTED;
never executed: return -29;
0
1719 case SSH2_MSG_UNIMPLEMENTED:
never executed: case 3:
0
1720 if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0)
(r = sshpkt_ge... &seqnr)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1721 return r;
never executed: return r;
0
1722 debug("Received SSH2_MSG_UNIMPLEMENTED for %u",-
1723 seqnr);-
1724 break;
never executed: break;
0
1725 default:
never executed: default:
0
1726 return 0;
never executed: return 0;
0
1727 }-
1728 }-
1729}
never executed: end of block
0
1730-
1731/*-
1732 * Buffers the given amount of input characters. This is intended to be used-
1733 * together with packet_read_poll.-
1734 */-
1735-
1736int-
1737ssh_packet_process_incoming(struct ssh *ssh, const char *buf, u_int len)-
1738{-
1739 struct session_state *state = ssh->state;-
1740 int r;-
1741-
1742 if (state->packet_discard) {
state->packet_discardDescription
TRUEnever evaluated
FALSEnever evaluated
0
1743 state->keep_alive_timeouts = 0; /* ?? */-
1744 if (len >= state->packet_discard) {
len >= state->packet_discardDescription
TRUEnever evaluated
FALSEnever evaluated
0
1745 if ((r = ssh_packet_stop_discard(ssh)) != 0)
(r = ssh_packe...ard(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1746 return r;
never executed: return r;
0
1747 }
never executed: end of block
0
1748 state->packet_discard -= len;-
1749 return 0;
never executed: return 0;
0
1750 }-
1751 if ((r = sshbuf_put(ssh->state->input, buf, len)) != 0)
(r = sshbuf_pu...uf, len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1752 return r;
never executed: return r;
0
1753-
1754 return 0;
never executed: return 0;
0
1755}-
1756-
1757int-
1758ssh_packet_remaining(struct ssh *ssh)-
1759{-
1760 return sshbuf_len(ssh->state->incoming_packet);
never executed: return sshbuf_len(ssh->state->incoming_packet);
0
1761}-
1762-
1763/*-
1764 * Sends a diagnostic message from the server to the client. This message-
1765 * can be sent at any time (but not while constructing another message). The-
1766 * message is printed immediately, but only if the client is being executed-
1767 * in verbose mode. These messages are primarily intended to ease debugging-
1768 * authentication problems. The length of the formatted message must not-
1769 * exceed 1024 bytes. This will automatically call ssh_packet_write_wait.-
1770 */-
1771void-
1772ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)-
1773{-
1774 char buf[1024];-
1775 va_list args;-
1776 int r;-
1777-
1778 if ((ssh->compat & SSH_BUG_DEBUG))
(ssh->compat & 0x00000040)Description
TRUEnever evaluated
FALSEnever evaluated
0
1779 return;
never executed: return;
0
1780-
1781 va_start(args, fmt);-
1782 vsnprintf(buf, sizeof(buf), fmt, args);-
1783 va_end(args);-
1784-
1785 debug3("sending debug message: %s", buf);-
1786-
1787 if ((r = sshpkt_start(ssh, SSH2_MSG_DEBUG)) != 0 ||
(r = sshpkt_st...(ssh, 4)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1788 (r = sshpkt_put_u8(ssh, 0)) != 0 || /* always display */
(r = sshpkt_pu...(ssh, 0)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1789 (r = sshpkt_put_cstring(ssh, buf)) != 0 ||
(r = sshpkt_pu...sh, buf)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1790 (r = sshpkt_put_cstring(ssh, "")) != 0 ||
(r = sshpkt_pu...ssh, "")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1791 (r = sshpkt_send(ssh)) != 0 ||
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1792 (r = ssh_packet_write_wait(ssh)) != 0)
(r = ssh_packe...ait(ssh)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1793 fatal("%s: %s", __func__, ssh_err(r));
never executed: fatal("%s: %s", __func__, ssh_err(r));
0
1794}
never executed: end of block
0
1795-
1796void-
1797sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l)-
1798{-
1799 snprintf(s, l, "%.200s%s%s port %d",-
1800 ssh->log_preamble ? ssh->log_preamble : "",-
1801 ssh->log_preamble ? " " : "",-
1802 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));-
1803}
never executed: end of block
0
1804-
1805/*-
1806 * Pretty-print connection-terminating errors and exit.-
1807 */-
1808void-
1809sshpkt_fatal(struct ssh *ssh, const char *tag, int r)-
1810{-
1811 char remote_id[512];-
1812-
1813 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));-
1814-
1815 switch (r) {-
1816 case SSH_ERR_CONN_CLOSED:
never executed: case -52:
0
1817 ssh_packet_clear_keys(ssh);-
1818 logdie("Connection closed by %s", remote_id);-
1819 case SSH_ERR_CONN_TIMEOUT:
code before this statement never executed: case -53:
never executed: case -53:
0
1820 ssh_packet_clear_keys(ssh);-
1821 logdie("Connection %s %s timed out",-
1822 ssh->state->server_side ? "from" : "to", remote_id);-
1823 case SSH_ERR_DISCONNECTED:
code before this statement never executed: case -29:
never executed: case -29:
0
1824 ssh_packet_clear_keys(ssh);-
1825 logdie("Disconnected from %s", remote_id);-
1826 case SSH_ERR_SYSTEM_ERROR:
code before this statement never executed: case -24:
never executed: case -24:
0
1827 if (errno == ECONNRESET) {
(*__errno_location ()) == 104Description
TRUEnever evaluated
FALSEnever evaluated
0
1828 ssh_packet_clear_keys(ssh);-
1829 logdie("Connection reset by %s", remote_id);-
1830 }
never executed: end of block
0
1831 /* FALLTHROUGH */-
1832 case SSH_ERR_NO_CIPHER_ALG_MATCH:
code before this statement never executed: case -31:
never executed: case -31:
0
1833 case SSH_ERR_NO_MAC_ALG_MATCH:
never executed: case -32:
0
1834 case SSH_ERR_NO_COMPRESS_ALG_MATCH:
never executed: case -33:
0
1835 case SSH_ERR_NO_KEX_ALG_MATCH:
never executed: case -34:
0
1836 case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
never executed: case -35:
0
1837 if (ssh && ssh->kex && ssh->kex->failed_choice) {
sshDescription
TRUEnever evaluated
FALSEnever evaluated
ssh->kexDescription
TRUEnever evaluated
FALSEnever evaluated
ssh->kex->failed_choiceDescription
TRUEnever evaluated
FALSEnever evaluated
0
1838 ssh_packet_clear_keys(ssh);-
1839 logdie("Unable to negotiate with %s: %s. "-
1840 "Their offer: %s", remote_id, ssh_err(r),-
1841 ssh->kex->failed_choice);-
1842 }
never executed: end of block
0
1843 /* FALLTHROUGH */-
1844 default:
code before this statement never executed: default:
never executed: default:
0
1845 ssh_packet_clear_keys(ssh);-
1846 logdie("%s%sConnection %s %s: %s",-
1847 tag != NULL ? tag : "", tag != NULL ? ": " : "",-
1848 ssh->state->server_side ? "from"<